Evil Encryption?

Encryption has been all over the news lately with the big fight between Apple and the FBI. Punches are flying left and right, but what is really going on? An unfortunate part of this debate has been that many of the people discussing it have little knowledge of how encryption works. They just feel that the FBI or police should be able to access the data held inside a terrorist’s work phone. In many situations, granting law enforcement access makes sense, but encryption is different than a locked house or a safe in the basement. The goal of this article is to discuss the FBI v. Apple case, the state of encryption and why encryption doesn’t mean “going dark”.

First, let’s look at the legal side of the FBI v. Apple case. In the United States, search warrants and subpoenas are used everyday to retrieve evidence for court cases. Search warrants give authorities the legal right to search and retrieve evidence from an individual or property. To obtain a search warrant, law enforcement must present a judge with a convincing reason that a search for, or retrieval of, specific evidence is necessary. Another legal instrument used to obtain items like testimony from someone is a subpoena. For instance, if you witness a bank robbery, a subpoena might be issued that compels you to appear in court and describe what you saw. Both a search warrant and subpoena are similar in that they are used to obtain access to something that exists. This is where the Apple case is different.

The FBI did not issue a standard search warrant or subpoena to request the suspect’s Personal Identification Number (PIN). Apple does not store anyone’s passcodes, so that is not something that they can provide. What the FBI has done is use something called the “All Writs Act of 1789”. The Act can be read as allowing a judge to grant whatever is deemed necessary to help in solving a case. A judge used the All Writs Act to issue a demand that Apple create a weakened version of their operating system to assist the FBI in accessing a terrorist’s work phone. Most people have heard of a search warrant and a subpoena. That is because they are used thousands of times each day around the United States. That is not the case with the “All Writs Act”, which is used much less often. Not only is the All Writs Act used less often, in the FBI v. Apple case it is being used in a way that would be similar to a judge requiring a bulletproof vest manufacturer to create ammunition that can pierce their vest. Despite the fact that the bulletproof vest manufacturer does not want to provide such ammunition as a product. Apple was being demanded to weaken the security of one of their products, which goes against the company’s mission and goals. Asking Apple to create something that does not exist is what sets this case apart from a legal perspective.

How encryption works also makes this debate different than others. The FBI initially could not unlock the phone in question because it was encrypted and they did not know the PIN. Not even Apple knew the PIN. This is different than a safe. If the FBI wants access to a safe and does not know the combination, they could have the safe pried open, cut through, cracked by a specialist, blown open and so on. Encryption is different because the only way to open something that is properly encrypted is with the key. The reason encryption is used is that it protects data by making it appear like a jumble of nothing to those who don’t have the key. When the correct key is supplied to the encryption software the data is made readable. If you do not know the key, you can try to guess it. Guessing could take minutes with a short simple password, or it could take hundreds of years if the password is sufficiently long and complex. iPhones can be setup to use a short 6 digit PIN, which provides access to the encryption key. Normally a 6 digit PIN would not be good protection. Apple makes the short PIN stronger by slowing the speed guesses can be made and optionally destroying the key after too many bad guesses. Without those security features a 6 digit PIN would not provide good security. As it turns out, there was a weakness in those security features. That was proven when the FBI gained access to the iPhone. Weaknesses like the one the FBI found are exactly what they want and they would prefer they were provided by design. Weak security makes is much easier to decrypt any phone.

If something is keeping the FBI out of a terrorist’s phone you may wonder if it is really that important. Whether you know it or not, most of us are constantly using encryption and it keeps us safe. Two of the primary items that encryption protects are authentication and data. When you connect to a banking website, the communication between you and the bank is encrypted. That means that when you enter your password to authenticate yourself with the bank nobody can listen in and grab it. There are also a variety of ways encryption protects our data. One way encryption protects data is when one of our devices is lost or stolen. If the lost/stolen device is not encrypted, it is trivial to access the data within it. Unfortunately we are not back in the 1990s or early 2000s. Back when phones only contained a contact list and call log. Phones now contain a great deal of sensitive information. They store things like schedules, home addresses, GPS location data, banking apps, company email, cloud storage apps, credit card info, pictures and videos of our kids, access to our home’s security cameras and maybe even a digital key that can unlock our house or car. On all iPhones, and optionally on most Android phones, encryption protects that information. Most people do not want to be victims of a crime, so using encryption as a protection makes sense. We do things like lock our homes when we are out or asleep, use an alarm system, carry pepper spray, use firewalls and other technology to protect ourselves and so on. Encryption is needed because it protects sensitive data and communications from criminals.

What if we did not protect ourselves and companies with encryption? In the digital world not using encryption is like driving a brand new BMW into the worst part of town. Then getting out and leaving it unlocked with the keys in the ignition, windows down and a duffle bag full of cash in the backseat. With no encryption, the password you use to log into a device does not make it any harder for someone with physical access to look at the data within it. I can pop an unencrypted hard drive out of a laptop in a couple of minutes and use an adapter to plug it into another laptop where I then have access to all of the non-encrypted files. If the laptop’s hard drive was encrypted, I would only have access to what looks like jumbled randomness. Banking online without encryption would make fraud so easy, banks would have to stop offering online services. Email accounts would be constantly breached and used to send out spam exponentially more than they already are. Companies and governments would not be able to protect sensitive information that is stored in a digital format. Anywhere that that takes credit card payments and processes them over a network, or the Internet (Most large retailers and increasingly more and more smaller stores) would have even larger numbers of credit card theft and fraud than they already do. I could go on and on. The idea is that without encryption we would be forced to move backward and go non-digital with anything important.

With so many smart people in Silicon Valley there must be another option! What about encryption where there are two keys that can unlock the data? One that the government or a company like Apple holds, and one that the customer holds. If the FBI needs access, then they get a search warrant and are provided the key. That doesn’t sound like a terrible idea. Technically it is possible to create two keys for every device, but simply creating two keys is not enough. The keys need to be protected and a key vault at Apple or anywhere else would be a big target. Protecting the keys would be incredibly expensive and no one can fully guarantee their safety. Why can’t the safety be guaranteed? Most government agencies and private companies have proven time and time again that they are not good at protecting themselves from electronic attacks. Frequently large organizations with tremendous resources can’t keep things like detailed background checks of CIA operatives safe (Office of Personnel Management breach), credit card transactions secure (Target, Home Depot, …) and so on. Heck, even the “impossible to crack by the FBI” iPhone was broken into without the help of Apple. Security in the digital age is not easy. It only takes one small mistake to create a major hole and that is all the bad guys need. Total digital security cannot be guaranteed because it sadly does not exist.

Speaking of bad guys, the largest and most convincing argument against the use of encryption is because it helps criminals and terrorists commit crimes. Nobody is just dying to be blown up or shot by ISIL. So why not just make encryption illegal? Murder, bombs and suicide vests are all illegal, but that has not stopped terrorists from using them. Encryption is not much different. The very popular and strong Advanced Encryption Standard (AES) algorithm was published by the National Institute of Standards and Technology (NIST) back in 2001. It is far too late to take AES or any other published algorithms back. They are out there for all to use and are not going away. For that reason, a U.S. or even a worldwide ban on encryption would do little to prevent criminals and terrorists from using it. Encryption is not magic, it is math. Terrorists that have scientists working to build them effective bombs out of household ingredients would have little issue with creating encrypted communications if necessary. Making encryption illegal would only prevent law-abiding citizens and the most unsophisticated of criminals from using it.

If making encryption illegal wouldn’t be effective, then how do we deal with terrorists and other criminals? What nation state spies and law enforcement are saying about “going dark” due to encryption is not accurate. Encryption does not actually make law enforcement agencies or militaries as blind as you might think. Authorities can and do use vulnerabilities that exist in our software and operating systems to provide more effective spying. Encryption does not matter when you hack somebody’s phone or laptop and install software that listens in on the microphone all the time, takes screenshots and records all the entered keystrokes. This is done, and the NSA’s Robert Joyce has even explained that there are so many known and unfixed software and operating system issues that they don’t have to heavily rely on finding or buying the unknown ones to take advantage of. When a cell phone or laptop can be hacked from a cubicle on the other side of the planet, it is hard to say anybody is going dark.

This article has described the FBI v. Apple encryption debate, the state of encryption and why nobody is “going dark”. The point of this article was to explain what is going on and to make you think logically, not emotionally about where you stand on the encryption debate. As long as we want to live in a digital world we have two options in regards to encryption. The first option is to accept the reality that encryption exists, is not going away and for the most part provides law-abiding citizens, companies and other organizations with a great deal of security. The second option is to live in a world where only criminals and terrorists have the best protection.